- Research Article
- Open access
- Published:
Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis
EURASIP Journal on Advances in Signal Processing volume 2009, Article number: 752818 (2008)
Abstract
Distributed network traffic anomaly refers to a traffic abnormal behavior involving many links of a network and caused by the same source (e.g., DDoS attack, worm propagation). The anomaly transiting in a single link might be unnoticeable and hard to detect, while the anomalous aggregation from many links can be prevailing, and does more harm to the networks. Aiming at the similar features of distributed traffic anomaly on many links, this paper proposes a network-wide detection method by performing anomalous correlation analysis of traffic signals' instantaneous parameters. In our method, traffic signals' instantaneous parameters are firstly computed, and their network-wide anomalous space is then extracted via traffic prediction. Finally, an anomaly is detected by a global correlation coefficient of anomalous space. Our evaluation using Abilene traffic traces demonstrates the excellent performance of this approach for distributed traffic anomaly detection.
Publisher note
To access the full article, please see PDF.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License (https://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
About this article
Cite this article
Zonglin, L., Guangmin, H., Xingmiao, Y. et al. Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis. EURASIP J. Adv. Signal Process. 2009, 752818 (2008). https://doi.org/10.1155/2009/752818
Received:
Accepted:
Published:
DOI: https://doi.org/10.1155/2009/752818